diff options
Diffstat (limited to 'spec/controllers/projects/todos_controller_spec.rb')
| -rw-r--r-- | spec/controllers/projects/todos_controller_spec.rb | 133 |
1 files changed, 110 insertions, 23 deletions
diff --git a/spec/controllers/projects/todos_controller_spec.rb b/spec/controllers/projects/todos_controller_spec.rb index 58f2817c7cc..1ce7e84bef9 100644 --- a/spec/controllers/projects/todos_controller_spec.rb +++ b/spec/controllers/projects/todos_controller_spec.rb @@ -5,29 +5,10 @@ describe Projects::TodosController do let(:project) { create(:project) } let(:issue) { create(:issue, project: project) } let(:merge_request) { create(:merge_request, source_project: project) } - let(:parent) { project } - - shared_examples 'project todos actions' do - it_behaves_like 'todos actions' - - context 'when not authorized for resource' do - before do - project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) - project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE) - project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE) - sign_in(user) - end - - it "doesn't create todo" do - expect { post_create }.not_to change { user.todos.count } - expect(response).to have_gitlab_http_status(404) - end - end - end context 'Issues' do describe 'POST create' do - def post_create + def go post :create, namespace_id: project.namespace, project_id: project, @@ -36,13 +17,66 @@ describe Projects::TodosController do format: 'html' end - it_behaves_like 'project todos actions' + context 'when authorized' do + before do + sign_in(user) + project.add_developer(user) + end + + it 'creates todo for issue' do + expect do + go + end.to change { user.todos.count }.by(1) + + expect(response).to have_gitlab_http_status(200) + end + + it 'returns todo path and pending count' do + go + + expect(response).to have_gitlab_http_status(200) + expect(json_response['count']).to eq 1 + expect(json_response['delete_path']).to match(%r{/dashboard/todos/\d{1}}) + end + end + + context 'when not authorized for project' do + it 'does not create todo for issue that user has no access to' do + sign_in(user) + expect do + go + end.to change { user.todos.count }.by(0) + + expect(response).to have_gitlab_http_status(404) + end + + it 'does not create todo for issue when user not logged in' do + expect do + go + end.to change { user.todos.count }.by(0) + + expect(response).to have_gitlab_http_status(302) + end + end + + context 'when not authorized for issue' do + before do + project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) + project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE) + sign_in(user) + end + + it "doesn't create todo" do + expect { go }.not_to change { user.todos.count } + expect(response).to have_gitlab_http_status(404) + end + end end end context 'Merge Requests' do describe 'POST create' do - def post_create + def go post :create, namespace_id: project.namespace, project_id: project, @@ -51,7 +85,60 @@ describe Projects::TodosController do format: 'html' end - it_behaves_like 'project todos actions' + context 'when authorized' do + before do + sign_in(user) + project.add_developer(user) + end + + it 'creates todo for merge request' do + expect do + go + end.to change { user.todos.count }.by(1) + + expect(response).to have_gitlab_http_status(200) + end + + it 'returns todo path and pending count' do + go + + expect(response).to have_gitlab_http_status(200) + expect(json_response['count']).to eq 1 + expect(json_response['delete_path']).to match(%r{/dashboard/todos/\d{1}}) + end + end + + context 'when not authorized for project' do + it 'does not create todo for merge request user has no access to' do + sign_in(user) + expect do + go + end.to change { user.todos.count }.by(0) + + expect(response).to have_gitlab_http_status(404) + end + + it 'does not create todo for merge request user has no access to' do + expect do + go + end.to change { user.todos.count }.by(0) + + expect(response).to have_gitlab_http_status(302) + end + end + + context 'when not authorized for merge_request' do + before do + project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) + project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE) + sign_in(user) + end + + it "doesn't create todo" do + expect { go }.not_to change { user.todos.count } + expect(response).to have_gitlab_http_status(404) + end + end end end end |